Personal information of Samsung customers was stolen in July, but the company discovered it on August 4. Its representatives said that “unauthorized third party acquired information from some of Samsung’s U.S. systems.” Social security numbers and credit card numbers were not affected. However, data on customers’ names, contact and demographic information, dates of birth, and product registration data was stolen.
“The information affected for each relevant customer may vary. We are notifying customers to make them aware of this matter,” the company said.
Samsung representative Chris Langlois told TechCrunch, that demographic data refers to information used for marketing and advertising purposes. However, he did not specify what types of data this includes.
Langlois added that the registration information customers provide to access support and warranty information includes the product purchase date, model and device ID. But he declined to reveal the number of customers affected or why it took more than a month for the company to notify them of the incident.
“Even though the investigation is ongoing, we wanted to notify our customers to make them aware of this matter because we understand how important their privacy is,” a company spokesperson said.
The company said it has taken measures to protect its systems and has engaged an unnamed third-party cybersecurity firm. Samsung also reported that it is coordinating actions with law enforcement agencies.
This year, Samsung has already reported a data leak. In March, the Lapsus$ hacker group, which infiltrated NVIDIA, Microsoft and T-Mobile, obtained and leaked nearly 200 gigabytes of confidential company data. Among them were, in particular, the source code for various technologies and algorithms for biometric unlocking operations.